Updated: 24 September 2021
To set up your end users to be MFA-ready ahead of the go-live date we have developed a template you can use to map the user details between the two systems for all your users - we will then update CLASS using that mapping as we deploy the MFA feature. This should be far less work for you to complete than manually updating user details in CLASS.
To do this, you will need:
- To have completed our initial admin setup guide.
- Access to Azure Active Directory with any of the following roles: Global Administrator, Application Administrator or a Cloud Application Administrator (if your Azure setup is managed by an external IT provider, they can complete any steps related to this).
- Access to a CLASS user account in your Centre's live database with the CLASS Admin - Advanced role
- A downloaded copy of our User Mapping template.
Why do I need to do this?
This process is optional, but has been designed to provide the most efficient way to make sure your users have immediate access to CLASS once MFA is switched on in the live system.
How can users get into CLASS after MFA is switched on if I don't do this step?
As long as your usernames already match up with your Microsoft logins, users can use the self-serve user registration portal to save their claim to their CLASS account the same way as in the final steps of the admin setup guide.
- In CLASS, navigate to System Settings > User Accounts.
- In the search bar in the Active column, type Yes and hit enter.
- Hover over the Export icon and select Export to Excel.
- Open the CLASS user list and your empty template file in Excel or similar
- Ignore the Centre ID column. We will set this for you when you send the file to us
- Copy the Username column from the CLASS list and paste it into the Existing CLASS Username column of the mapping template
- Copy the Email column from the CLASS list and paste it into the Existing CLASS Email column of the mapping template
- Open the Azure user list.
- For each row in the mapping template, find the corresponding row in the Azure user list and:
- Copy the "userPrincipalName" value into the Azure AD UPN column for that row in the mapping template.
- Copy the "id" value into the Azure AD User ID column for that row in the mapping template.
- Enter the Set CLASS Email column for that row - if it is already correct just copy it.
What if my CLASS Username and/or Email already matches Azure AD?
That makes things easier for you! All you have to do is remove any rows you don't need from the Azure user list, sort both lists by a matching column so they line up, and copy the objectId column in its entirety into the mapping sheet - you will still need to fill the Azure AD UPN column as well, but this can also just be copied.
Can I set a different email address to my Azure Username?
Yes you can! As long as the email address is unique to that user it is fine - the email address is used to send workflow emails to users and to send new users the MFA registration link.
What if I want emails for all my volunteers to go to the same inbox?
If you have created individual Microsoft user accounts for your volunteers but want them all to receive CLASS emails in one place, you have a couple of options:
If you intend to continue using the IP whitelist functionality for any/all of your users, put the value Y in the Set Supervised User column of the User Mapping Sheet for each user you want to do this for.